Last major update: 25.08.2020
- Что такое авторизация/аутентификация
- Где хранить токены
- Как ставить куки?
- Процесс логина
- Процесс рефреш токенов
- Кража токенов/Механизм контроля токенов
| [ | |
| { | |
| "region": "Москва и Московская обл.", | |
| "city": "Москва" | |
| }, | |
| { | |
| "region": "Москва и Московская обл.", | |
| "city": "Абрамцево" | |
| }, |
/**
 * DELETE /sessions/delete-all — revoke every session of the calling user.
 *
 * Runs behind authenticate(); req.token is read here, presumably populated by
 * that middleware (not visible in this snippet — confirm). The caller's own
 * refresh token is resolved with getRefreshToken(req) and handed to the
 * service together with the access token. Any thrown error is forwarded to
 * the Express error pipeline via next().
 */
async function deleteAllSessionsHandler(req, res, next) {
  try {
    const refreshToken = getRefreshToken(req);
    const payload = { token: req.token, refreshToken };
    const user = await userService.deleteAllSessions(payload);
    res.status(200).send(user);
  } catch (err) {
    next(err);
  }
}

router.delete('/sessions/delete-all', authenticate(), deleteAllSessionsHandler);
/**
 * DELETE /sessions/delete/:id — revoke a single session by its id.
 *
 * Runs behind authenticate(). The session id comes straight from the URL
 * (req.params.id) and is passed to the service with req.token.
 * NOTE(review): nothing in this route checks that the session identified by
 * `id` belongs to the caller; that ownership check must live in
 * userService.deleteByIdSession — confirm it is enforced there.
 * Errors are forwarded via next().
 */
async function deleteSessionByIdHandler(req, res, next) {
  try {
    const { id } = req.params;
    const payload = { id, token: req.token };
    const result = await userService.deleteByIdSession(payload);
    res.status(200).send(result);
  } catch (err) {
    next(err);
  }
}

router.delete('/sessions/delete/:id', authenticate(), deleteSessionByIdHandler);
/**
 * GET /sessions — list the sessions of the calling user.
 *
 * Runs behind authenticate(); only req.token is passed to the service, so the
 * service (not this route) is responsible for scoping the result to the
 * token's owner. Errors are forwarded via next().
 */
async function listSessionsHandler(req, res, next) {
  try {
    const sessions = await userService.getSessions({ token: req.token });
    res.status(200).send(sessions);
  } catch (err) {
    next(err);
  }
}

router.get('/sessions', authenticate(), listSessionsHandler);
/**
 * GET /user — return the profile of the calling user.
 *
 * Runs behind authenticate(); the user is looked up by req.token alone.
 * Whatever userService.getUser returns is sent to the client unchanged, so any
 * filtering of sensitive fields (e.g. password hashes) has to happen in the
 * service — not visible here, confirm. Errors are forwarded via next().
 */
async function getUserHandler(req, res, next) {
  try {
    const profile = await userService.getUser({ token: req.token });
    res.status(200).send(profile);
  } catch (err) {
    next(err);
  }
}

router.get('/user', authenticate(), getUserHandler);
// Security routes: dependencies and router instance.
// requireRoot() is a project helper (defined elsewhere) that resolves
// modules relative to the project root.
const express = require('express');
const { securityService } = requireRoot('lib/services');
// getRefreshToken(req) extracts the refresh token from the request;
// getClientInfo(req) gathers client attributes — where each reads from is not
// visible in this snippet.
const { getRefreshToken, getClientInfo } = requireRoot('lib/utility');
const router = express.Router();
| router.post('/signup', async (req, res, next) => { | |
| try { | |
| const { email, password, confirmPassword, emailPreferences, phone, name } = req.body; | |
| const result = await securityService.signup({ email, password, confirmPassword, emailPreferences, phone, name }); |
/**
 * POST /refresh — exchange the current refresh token for a new one.
 *
 * Unauthenticated route (no authenticate() middleware): the only credential is
 * the refresh token resolved by getRefreshToken(req). getClientInfo(req) is
 * passed as a second argument — presumably so the service can bind the new
 * token to client attributes; verify in securityService.refresh. The service
 * result is sent back as-is; errors are forwarded via next().
 */
async function refreshHandler(req, res, next) {
  try {
    const refreshToken = getRefreshToken(req);
    const clientInfo = getClientInfo(req);
    const newRefreshToken = await securityService.refresh({ refreshToken }, clientInfo);
    res.send(newRefreshToken);
  } catch (err) {
    next(err);
  }
}

router.post('/refresh', refreshHandler);
/**
 * GET /token — issue an access token for the refresh token on the request.
 *
 * Unauthenticated route: the refresh token from getRefreshToken(req) is the
 * sole credential. NOTE(review): the token is issued on a GET; make sure the
 * response is sent with Cache-Control: no-store so it is never cached by
 * browsers or intermediaries (not set in this snippet — confirm elsewhere).
 * Errors are forwarded via next().
 */
async function tokenHandler(req, res, next) {
  try {
    const refreshToken = getRefreshToken(req);
    const accessToken = await securityService.token({ refreshToken });
    res.send(accessToken);
  } catch (err) {
    next(err);
  }
}

router.get('/token', tokenHandler);
/**
 * POST /signout — revoke the refresh token carried by the request.
 *
 * Unauthenticated route: revocation is keyed solely on the refresh token
 * returned by getRefreshToken(req). The service result is sent back
 * unchanged; errors are forwarded via next().
 */
async function signoutHandler(req, res, next) {
  try {
    const refreshToken = getRefreshToken(req);
    const outcome = await securityService.signout({ refreshToken });
    res.send(outcome);
  } catch (err) {
    next(err);
  }
}

router.post('/signout', signoutHandler);